
vck_loader/
lib.rs

1// SPDX-FileCopyrightText: 2026 JC-Lab <joseph@jc-lab.net>
2//
3// SPDX-License-Identifier: Apache-2.0
4
5//! `vck-loader` — UEFI loader framework for volumecrypt-kit.
6//!
7//! This crate provides the loader-side **mechanisms** described in
8//! `docs/architecture.md` ("lib/loader"); the sample loader drives the flow
9//! itself and owns the crypto policy:
10//!
11//! - [`init`]: start banner + enable the SSE/XMM control bits AES-NI needs.
12//! - Block IO hooking engine ([`hook::BlockIoHookEngine`]): given a sample-built
13//!   [`HookGeometry`] + [`VolumeCipher`](vck_common::VolumeCipher), hooks
14//!   `EFI_BLOCK_IO_PROTOCOL` and
15//!   `EFI_BLOCK_IO2_PROTOCOL` so that the OS volume data region is decrypted
16//!   transparently while it is read during boot.
17//! - Handover ([`handover`]): publishes the driver handover payload as a UEFI
18//!   runtime variable (the driver reads it at OS runtime).
19//! - Chainloading ([`chainload`]): loads and starts the next EFI image
20//!   (the OS boot manager).
21//!
22//! Full compilation targets a UEFI triple and requires the WEDK toolchain
23//! (`G:\`, see `AGENTS.md`); host builds are not expected.
24
25#![no_std]
26
27extern crate alloc;
28
29pub mod chainload;
30pub mod cpu;
31pub mod handover;
32pub mod hook;
33pub mod provider;
34
35// Public API re-exports. The sample loader drives the flow itself with these
36// building blocks (see `sample/loader`).
37pub use provider::{DevicePath, HookGeometry};
38
39// Re-export the hooking engine entry point for sample loaders.
40pub use hook::BlockIoHookEngine;
41
/// Performs loader start-up; the sample's entry point should call this first.
///
/// Two steps, in this order:
///
/// 1. Logs the `init: start` banner at info level.
/// 2. Calls [`cpu::report_and_enable_xmm`], which reports and enables the
///    SSE/XMM control bits that AES-NI depends on.
///
/// # Ordering
///
/// This must finish before any AES-NI code runs, i.e. before cipher
/// construction and before the Block IO decrypt hook is used.
// NOTE(review): what happens if AES-NI code runs without this call is not
// visible from this file; confirm the failure mode in `cpu`.
pub fn init() {
    // Banner goes out before the CPU control bits are touched.
    log::info!("init: start");

    // Set up SSE/XMM state ahead of any AES-NI user.
    cpu::report_and_enable_xmm();
}